// SCAN REPORT

Firefox MCP Server

29 tools. 18 can modify or destroy data without limits.

3 destructive tools with no built-in limits. Policy required.

Last updated:

18 can modify or destroy data
11 read-only
29 tools total

Community server · catalogue entry verified 11/06/2026

How to control Firefox MCP Server ↓

TOOL MAP

What Firefox MCP Server exposes to your agents

Read (11) Write / Execute (15) Destructive / Financial (3)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Firefox MCP Server tools

Destructive · Medium debug_buffers_clear Clearing debug buffers permanently destroys accumulated debug data (console logs, network activity, JavaScript errors, WebSocket messages, performance metrics, etc.) that cannot be recovered. Destructive · High browser_close Closing the entire browser instance and cleaning up all sessions and resources is irreversible — any unsaved browser state, open tabs, session data, and in-progress operations are permanently destroyed. Destructive · Medium session_close Closing and cleaning up a browser session is irreversible — the session state, open tabs, and any unsaved data are permanently destroyed. Execute · High browser_launch This tool launches and controls a Firefox browser instance, which is fundamentally an Execute action.

18 of Firefox MCP Server's 29 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Firefox MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Firefox MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "debug_buffers_clear": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "session_set_active": {
    "limits": [
      {
        "counter": "session_set_active_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "debug_performance_metrics": {
    "limits": [
      {
        "counter": "debug_performance_metrics_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Firefox MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON FIREFOX →

Free to start. No card required.

FULL CATALOGUE

All 29 Firefox MCP Server tools

DESTRUCTIVE 3 tools
Destructive debug_buffers_clear Clear accumulated debug data buffers to free memory and start fresh monitoring. Destructive browser_close Close the entire browser instance and clean up all sessions and resources. Destructive session_close Close a specific browser session and clean up its resources.
EXECUTE 14 tools
Execute browser_launch Launch Firefox browser with multi-session support and comprehensive debugging capabilities. Perfect for testin Execute debug_monitoring_start Start or restart comprehensive monitoring for console logs, errors, network activity, and WebSocket messages. Execute element_wait Wait for specific elements to appear or become visible. Essential for handling dynamic content and loading sta Execute javascript_execute Execute custom JavaScript code in the browser context. Powerful for advanced DOM manipulation, data extraction Execute page_navigate Navigate to a specific URL in the browser. Works with any web page or web application. Execute debug_helpers_inject Inject custom debugging utilities and helper functions into the page context for enhanced debugging capabiliti Execute element_click Click on any element using CSS selector or exact coordinates. Essential for interacting with buttons, links, a Execute element_drag Perform drag and drop operations or move sliders/draggable elements with smooth animations and precise control Execute history_back Navigate back in browser history, like clicking the back button. Execute history_forward Navigate forward in browser history, like clicking the forward button. Execute input_type Type text into input fields, text areas, or any editable element. Perfect for form filling and text input. Execute keyboard_press Send keyboard events with support for modifier keys and repetition. Ideal for arrow keys, shortcuts, and speci Execute page_reload Reload the current page, refreshing all content and JavaScript state. Execute session_create Create a new browser session (tab) with complete isolation - separate cookies, storage, and debugging. Essenti
WRITE 1 tools
Write session_set_active Set which browser session should be the default target for subsequent operations.
READ 11 tools
Read debug_performance_metrics Get detailed performance metrics including timing, memory usage, and paint events. Essential for performance o Read debug_activity_all Get a comprehensive feed combining console logs, errors, network activity, and WebSocket messages. Perfect for Read debug_console_logs Retrieve captured browser console messages (log, error, warn, info, debug). Essential for debugging JavaScript Read debug_javascript_errors Get JavaScript errors and exceptions with full stack traces. Critical for identifying and debugging client-sid Read html_extract Extract HTML content from the page or specific elements. Perfect for content analysis and data scraping. Read page_screenshot Capture screenshot of the current page or specific elements. Essential for visual verification and documentati Read session_list List all active browser sessions with their URLs and status. Useful for managing multiple test scenarios. Read text_extract Extract visible text content from the page or specific elements. Ideal for reading displayed information and v Read url_get_current Get the current URL of the active page or specified session. Read debug_network_activity Monitor HTTP requests, responses, and network timing. Perfect for API debugging and performance analysis. Read debug_websocket_messages Capture WebSocket traffic including Phoenix LiveView messages. Ideal for real-time application debugging and m
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about Firefox MCP Server

Can an AI agent delete data through the Firefox MCP Server MCP server? +

Yes. The Firefox MCP Server server exposes 3 destructive tools including debug_buffers_clear, browser_close, session_close. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Firefox MCP Server? +

The Firefox MCP Server server has 1 write tools including session_set_active. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Firefox MCP Server.

How many tools does the Firefox MCP Server MCP server expose? +

29 tools across 4 categories: Destructive, Execute, Read, Write. 11 are read-only. 18 can modify, create, or delete data.

How do I enforce a policy on Firefox MCP Server? +

Register the Firefox MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Firefox MCP Server tool call.

Deterministic rules across all 29 Firefox MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON FIREFOX →

Free to start. No card required.

29 Firefox MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.